CVE-2020-28735

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-28735
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28735.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-28735
Aliases
Published
2020-12-30T19:15:13.327Z
Modified
2026-03-13T00:39:45.363698Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).

References

Affected packages

Git / github.com/plone/plone

Affected ranges

Type
GIT
Repo
https://github.com/plone/plone
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f60eabc07798a9d4418d8752a528d5dc2983c8d3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.2.3"
        }
    ]
}

Affected versions

4.*
4.1.0
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc1
4.1rc2
4.1rc3
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.3
4.3.1
4.3a1
4.3a2
4.3b1
4.3b2
5.*
5.0
5.0.1
5.0.2
5.0a2
5.0a3
5.0b1
5.0b3
5.0b4
5.0rc1
5.0rc2
5.0rc3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.2.0
5.2.1
5.2.2
5.2a1
5.2a2
5.2b1
5.2rc1
5.2rc2
5.2rc3
5.2rc4
5.2rc5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28735.json"